Using ASP.NET MVC3, how can I have IIS not redirect 302 on case-sensitive routing?

Using ASP.NET MVC3, how can I have IIS not redirect 302 on case-sensitive routing?

For example, I create an application folder under my site called "Admin" in IIS. The javascript (there are hundreds of files, no trivial change, and then when new code gets generated or written, we have to manually case-enforce on all routes? I think that's overkill) and some of the handwritten links all point to /admin/ControllerName/ or /admin/controllername/ already, and so when IIS sees this, it issues a 302 to /Admin/ControllerName/. Obviously (I tested to confirm) just changing the case prevents the 302.

Every image, javascript include, etc, causes two hits to IIS.

How can I reduce the traffic and just have IIS go ahead and reroute me case-insensitively so we can stop all the silly 302's. Or is this impossible and I should go case-enforce every potential URL forevermore in all the code we write? Or do I just need to suck it up and live with the 302's?


I'm guessing that you're using WS-Federation? Or at least using the WSFederationAuthenticationModule and/or SessionAuthenticationModule? Both of those modules perform a redirect to match the casing of your application as it's in IIS any time they're unable to authenticate you or verify that you're authorized to get the requested resource. I don't see any way to keep it from doing this, and even if you could, you probably wouldn't be able to actually access the resources by using /admin.

The reason for this is that the path listed in cookies is case-sensitive, and since everything related to WS-Federation is done via cookies, the casing has to match. If the cookies showing that you've been authenticated are created for /Admin and then you try to access /admin, it will think you're not authenticated.

One possible workaround would be to set the admin directory as a separate application in IIS, and configure it to not use the FAM or SAM. However, based on the name of the directory, I'm guessing that won't be a viable option for you, since you'd lose authentication on that directory.


Hmmmm, I thought IIS was case insensitive.

Are you sure there isn't any URL rewriting going on here that you can just disable?

Cheers